Novell Filr Security Announcement: CVE-2014-3566 'POODLE' weakness in the SSL protocol

  • 7015804
  • 20-Oct-2014
  • 04-Dec-2014

Environment

Novell Filr 1.1.0
Novell Filr 1.0.1
Novell Filr 1.0.0

Situation

SSLv3 Fallback Protection “POODLE” vulnerability (CVE-2014-3566)

Severity: Medium

Version: OpenSSL 1.0.1, 1.0.0, 0.9.8

POODLE stands for Padding Oracle On Downgraded Legacy Encryption. This vulnerability allows a man-in-the-middle attacker to decrypt ciphertext using a padding oracle side-channel attack.

OpenSSL Description: "Some client applications (such as browsers) will reconnect using a downgraded protocol to work around interoperability bugs in older servers. This could be exploited by an active man-in-the-middle to downgrade connections to SSL 3.0 even if both sides of the connection support higher protocols. SSL 3.0 contains a number of weaknesses including POODLE."

All products using OpenSSL versions 1.0.1, 1.0.0, or 0.9.8 are impacted.
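
The "fallback protection" named above is the downgrade signal TLS_FALLBACK_SCSV, later standardized in RFC 7507. The following added example (not Novell's or OpenSSL's code) applies the server-side rule to constructed ClientHello records; the helper names and the TLS 1.2 server maximum are assumptions.

```python
import struct

TLS_FALLBACK_SCSV = 0x5600        # signalling cipher suite value (RFC 7507)
INAPPROPRIATE_FALLBACK = 86       # fatal alert description (RFC 7507)
SERVER_MAX = (3, 3)               # assumption: server's best protocol is TLS 1.2

def build_client_hello(version, suites):
    """Build a minimal ClientHello record (constructed sample, not captured traffic)."""
    body = bytes(version) + bytes(32) + b"\x00"      # version, random, empty session_id
    body += struct.pack("!H", 2 * len(suites))
    body += b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"                              # null compression only
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16" + bytes(version) + struct.pack("!H", len(hs)) + hs

def parse_client_hello(record):
    """Return (client_version, cipher_suites) from a single handshake record."""
    try:
        if record[0] != 0x16 or record[5] != 0x01:
            raise ValueError("not a ClientHello handshake record")
        body = record[9:9 + int.from_bytes(record[6:9], "big")]
        version = (body[0], body[1])
        pos = 34                                     # skip version (2) + random (32)
        pos += 1 + body[pos]                         # skip session_id
        (cs_len,) = struct.unpack("!H", body[pos:pos + 2])
        raw = body[pos + 2:pos + 2 + cs_len]
    except (IndexError, struct.error):
        raise ValueError("truncated ClientHello") from None
    if len(raw) != cs_len or cs_len % 2:
        raise ValueError("malformed cipher suite list")
    suites = [int.from_bytes(raw[i:i + 2], "big") for i in range(0, cs_len, 2)]
    return version, suites

def fallback_decision(record, server_max=SERVER_MAX):
    """RFC 7507 server rule: alert to send, or None to continue the handshake."""
    version, suites = parse_client_hello(record)
    if TLS_FALLBACK_SCSV in suites and version < server_max:
        return ("fatal", INAPPROPRIATE_FALLBACK)
    return None

if __name__ == "__main__":
    retry = build_client_hello((3, 0), [0x002F, TLS_FALLBACK_SCSV])  # downgraded retry
    legacy = build_client_hello((3, 0), [0x002F])                    # client without SCSV
    print(fallback_decision(retry), fallback_decision(legacy))
```

A client that never sends the signalling value (the second case) is not covered by this rule, so it remains exposed wherever SSL 3.0 is still enabled.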

Resolution

An updated security patch is now available via the Novell Patch Finder. Search under your Filr version to download the patch.

For Filr 1.1.0, the patch is called 'Filr 1.1 - Security Update 1' and uses the new UI-based patch deployment mechanism.
For Filr 1.0.1, the patch is called 'Filr - Security Update 3' and is distributed the same way as earlier patches.
There is no patch release for Filr 1.0.0.

Status

Reported to Engineering
Security Alert

Additional Information